ilspy-decompile
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation recommends installing the
ilspycmdtool globally viadotnet tool install. This involves downloading and installing software from the NuGet package registry. - COMMAND_EXECUTION (LOW): The skill relies on executing shell commands such as
ilspycmdanddotnetto perform its primary function of inspecting and decompiling local assembly files. - INDIRECT PROMPT INJECTION (LOW): The skill processes untrusted binary data (.dll files) and converts it into human-readable code. If an attacker provides a malicious assembly containing embedded instructions (e.g., in comments or string constants), the agent might follow them upon reading the decompiled output.
- Ingestion points: Local file paths provided as arguments to the
ilspycmdtool. - Boundary markers: Absent; the decompiled source code is returned as raw text without delimiters.
- Capability inventory: Shell command execution via the
Bash(dnx:*)tool. - Sanitization: None; the skill provides the raw output of the decompiler directly to the agent.
Audit Metadata